Diffstat (limited to 'spec/lib/gitlab/ci/parsers')
4 files changed, 82 insertions, 80 deletions
diff --git a/spec/lib/gitlab/ci/parsers/sbom/source/dependency_scanning_spec.rb b/spec/lib/gitlab/ci/parsers/sbom/source/dependency_scanning_spec.rb
index 7222ebc3cb8..e12fa380209 100644
--- a/spec/lib/gitlab/ci/parsers/sbom/source/dependency_scanning_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/sbom/source/dependency_scanning_spec.rb
@@ -19,8 +19,7 @@ RSpec.describe Gitlab::Ci::Parsers::Sbom::Source::DependencyScanning do
 it 'returns expected source data' do
 is_expected.to have_attributes(
 source_type: :dependency_scanning,
- data: property_data,
- fingerprint: '4dbcb747e6f0fb3ed4f48d96b777f1d64acdf43e459fdfefad404e55c004a188'
+ data: property_data
 )
 end
 end
diff --git a/spec/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator_spec.rb b/spec/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator_spec.rb
index c54a3268bbe..f58a463f047 100644
--- a/spec/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/sbom/validators/cyclonedx_schema_validator_spec.rb
@@ -72,12 +72,13 @@ RSpec.describe Gitlab::Ci::Parsers::Sbom::Validators::CyclonedxSchemaValidator d
 it { is_expected.not_to be_valid }
 
 it "outputs errors for each validation failure" do
- expect(validator.errors).to match_array([
- "property '/components/0' is missing required keys: name",
- "property '/components/0/type' is not one of: [\"application\", \"framework\"," \
- " \"library\", \"container\", \"operating-system\", \"device\", \"firmware\", \"file\"]",
- "property '/components/1' is missing required keys: type"
- ])
+ expect(validator.errors).to match_array(
+ [
+ "property '/components/0' is missing required keys: name",
+ "property '/components/0/type' is not one of: [\"application\", \"framework\"," \
+ " \"library\", \"container\", \"operating-system\", \"device\", \"firmware\", \"file\"]",
+ "property '/components/1' is missing required keys: type"
+ ])
 end
 end
 end
@@ -121,10 +122,11 @@ RSpec.describe Gitlab::Ci::Parsers::Sbom::Validators::CyclonedxSchemaValidator d
 it { is_expected.not_to be_valid }
 
 it "outputs errors for each validation failure" do
- expect(validator.errors).to match_array([
- "property '/metadata/properties/0/name' is not of type: string",
- "property '/metadata/properties/0/value' is not of type: string"
- ])
+ expect(validator.errors).to match_array(
+ [
+ "property '/metadata/properties/0/name' is not of type: string",
+ "property '/metadata/properties/0/value' is not of type: string"
+ ])
 end
 end
 end
diff --git a/spec/lib/gitlab/ci/parsers/security/common_spec.rb b/spec/lib/gitlab/ci/parsers/security/common_spec.rb
index 297ef1f5bb9..7dbad354e4c 100644
--- a/spec/lib/gitlab/ci/parsers/security/common_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/security/common_spec.rb
@@ -54,24 +54,15 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
 
 context 'when the validate flag is set to `false`' do
 let(:validate) { false }
- let(:valid?) { false }
- let(:errors) { ['foo'] }
- let(:warnings) { ['bar'] }
 
 before do
- allow_next_instance_of(validator_class) do |instance|
- allow(instance).to receive(:valid?).and_return(valid?)
- allow(instance).to receive(:errors).and_return(errors)
- allow(instance).to receive(:warnings).and_return(warnings)
- end
-
 allow(parser).to receive_messages(create_scanner: true, create_scan: true)
 end
 
- it 'instantiates the validator with correct params' do
+ it 'does not instantiate the validator' do
 parse_report
 
- expect(validator_class).to have_received(:new).with(
+ expect(validator_class).not_to have_received(:new).with(
 report.type,
 data.deep_stringify_keys,
 report.version,
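Review bot: In the hunk at `@@ -54,24 +54,15 @@`, `expect(validator_class).not_to have_received(:new).with(report.type, data.deep_stringify_keys, report.version, …)` only proves that `new` was not called with that exact argument list, so a validator constructed with any other arguments would still pass and the new title 'does not instantiate the validator' would not hold. Since `validate: false` is the path that skips schema validation of the report entirely, assert the absence of any call instead: `expect(validator_class).not_to have_received(:new)`, dropping the `.with(...)` argument list (its remaining lines fall outside this hunk). That also removes the unnecessary dependency on `data.deep_stringify_keys` in a context where the data is never validated.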
@@ -80,43 +71,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
 )
 end
 
- context 'when the report data is not valid according to the schema' do
- it 'adds warnings to the report' do
- expect { parse_report }.to change { report.warnings }.from([]).to(
- [
- { message: 'foo', type: 'Schema' },
- { message: 'bar', type: 'Schema' }
- ]
- )
- end
-
- it 'keeps the execution flow as normal' do
- parse_report
+ it 'marks the report as valid' do
+ parse_report
 
- expect(parser).to have_received(:create_scanner)
- expect(parser).to have_received(:create_scan)
- end
+ expect(report).not_to be_errored
 end
 
- context 'when the report data is valid according to the schema' do
- let(:valid?) { true }
- let(:errors) { [] }
- let(:warnings) { [] }
-
- it 'does not add errors to the report' do
- expect { parse_report }.not_to change { report.errors }
- end
-
- it 'does not add warnings to the report' do
- expect { parse_report }.not_to change { report.warnings }
- end
-
- it 'keeps the execution flow as normal' do
- parse_report
+ it 'keeps the execution flow as normal' do
+ parse_report
 
- expect(parser).to have_received(:create_scanner)
- expect(parser).to have_received(:create_scan)
- end
+ expect(parser).to have_received(:create_scanner)
+ expect(parser).to have_received(:create_scan)
 end
 end
 
@@ -152,12 +117,17 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
 it 'adds errors to the report' do
 expect { parse_report }.to change { report.errors }.from([]).to(
 [
- { message: 'foo', type: 'Schema' },
- { message: 'bar', type: 'Schema' }
+ { message: 'foo', type: 'Schema' }
 ]
 )
 end
 
+ it 'marks the report as invalid' do
+ parse_report
+
+ expect(report).to be_errored
+ end
+
 it 'does not try to create report entities' do
 parse_report
 
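Review bot: The new example title 'marks the report as valid' in the hunk at `@@ -80,43 +71,17 @@` overstates what its assertion checks: in this context `validate` is `false`, so no validator runs and `expect(report).not_to be_errored` only shows that skipping validation leaves the report without errors, not that the report was judged valid against the schema. Retitling it `it 'does not mark the report as errored' do` keeps a reader of the spec from taking an unvalidated report for a validated one. The expectation whose closing parenthesis opens this hunk begins in the previous hunk.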
@@ -175,8 +145,24 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
 expect { parse_report }.not_to change { report.errors }.from([])
 end
 
- it 'does not add warnings to the report' do
- expect { parse_report }.not_to change { report.warnings }.from([])
+ context 'and no warnings are present' do
+ let(:warnings) { [] }
+
+ it 'does not add warnings to the report' do
+ expect { parse_report }.not_to change { report.warnings }.from([])
+ end
+ end
+
+ context 'and some warnings are present' do
+ let(:warnings) { ['bar'] }
+
+ it 'does add warnings to the report' do
+ expect { parse_report }.to change { report.warnings }.from([]).to(
+ [
+ { message: 'bar', type: 'Schema' }
+ ]
+ )
+ end
 end
 
 it 'keeps the execution flow as normal' do
@@ -298,8 +284,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
 scans = report.findings.map(&:scan)
 expect(scans.map(&:status).all?('success')).to be(true)
- expect(scans.map(&:start_time).all?('placeholder-value')).to be(true)
- expect(scans.map(&:end_time).all?('placeholder-value')).to be(true)
+ expect(scans.map(&:start_time).all?('2022-08-10T21:37:00')).to be(true)
+ expect(scans.map(&:end_time).all?('2022-08-10T21:38:00')).to be(true)
 expect(scans.size).to eq(7)
 expect(scans.first).to be_a(::Gitlab::Ci::Reports::Security::Scan)
 end
@@ -418,11 +404,11 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
 {
 'type' => 'source',
 'items' => [
- 'signatures' => [
- { 'algorithm' => 'hash', 'value' => 'hash_value' },
- { 'algorithm' => 'location', 'value' => 'location_value' },
- { 'algorithm' => 'scope_offset', 'value' => 'scope_offset_value' }
- ]
+ 'signatures' => [
+ { 'algorithm' => 'hash', 'value' => 'hash_value' },
+ { 'algorithm' => 'location', 'value' => 'location_value' },
+ { 'algorithm' => 'scope_offset', 'value' => 'scope_offset_value' }
+ ]
 ]
 }
 end
@@ -440,11 +426,11 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Common do
 {
 'type' => 'source',
 'items' => [
- 'signatures' => [
- { 'algorithm' => 'hash', 'value' => 'hash_value' },
- { 'algorithm' => 'location', 'value' => 'location_value' },
- { 'algorithm' => 'INVALID', 'value' => 'scope_offset_value' }
- ]
+ 'signatures' => [
+ { 'algorithm' => 'hash', 'value' => 'hash_value' },
+ { 'algorithm' => 'location', 'value' => 'location_value' },
+ { 'algorithm' => 'INVALID', 'value' => 'scope_offset_value' }
+ ]
 ]
 }
 end
diff --git a/spec/lib/gitlab/ci/parsers/security/sast_spec.rb b/spec/lib/gitlab/ci/parsers/security/sast_spec.rb
index 4bc48f6611a..f6113308201 100644
--- a/spec/lib/gitlab/ci/parsers/security/sast_spec.rb
+++ b/spec/lib/gitlab/ci/parsers/security/sast_spec.rb
@@ -10,24 +10,39 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Sast do
 
 let(:created_at) { 2.weeks.ago }
 
- context "when parsing valid reports" do
- where(:report_format, :report_version, :scanner_length, :finding_length, :identifier_length, :file_path, :line) do
- :sast | '14.0.0' | 1 | 5 | 6 | 'groovy/src/main/java/com/gitlab/security_products/tests/App.groovy' | 47
- :sast_deprecated | '1.2' | 3 | 33 | 17 | 'python/hardcoded/hardcoded-tmp.py' | 1
+ context "when passing valid report" do
+ # rubocop: disable Layout/LineLength
+ where(:report_format, :report_version, :scanner_length, :finding_length, :identifier_length, :file_path, :start_line, :end_line, :primary_identifiers_length) do
+ :sast | '14.0.0' | 1 | 5 | 6 | 'groovy/src/main/java/com/gitlab/security_products/tests/App.groovy' | 47 | 47 | nil
+ :sast_semgrep_for_multiple_findings | '14.0.4' | 1 | 2 | 6 | 'app/app.py' | 39 | nil | 2
 end
+ # rubocop: enable Layout/LineLength
 
 with_them do
- let(:report) { Gitlab::Ci::Reports::Security::Report.new(artifact.file_type, pipeline, created_at) }
+ let(:report) do
+ Gitlab::Ci::Reports::Security::Report.new(
+ artifact.file_type,
+ pipeline,
+ created_at
+ )
+ end
+
 let(:artifact) { create(:ci_job_artifact, report_format) }
 
 before do
- artifact.each_blob { |blob| described_class.parse!(blob, report) }
+ artifact.each_blob { |blob| described_class.parse!(blob, report, validate: true) }
 end
 
 it "parses all identifiers and findings" do
 expect(report.findings.length).to eq(finding_length)
 expect(report.identifiers.length).to eq(identifier_length)
 expect(report.scanners.length).to eq(scanner_length)
+
+ if primary_identifiers_length
+ expect(
+ report.scanners.each_value.first.primary_identifiers.length
+ ).to eq(primary_identifiers_length)
+ end
 end
 
 it 'generates expected location' do
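Review bot: The `if primary_identifiers_length` guard inside "parses all identifiers and findings" makes the example silently assert less for the `:sast` row (its column is `nil`), and any future row that leaves the column `nil` by mistake passes without primary identifiers ever being checked. Give that assertion its own example that is visibly skipped when the table carries no expectation: `it 'parses primary identifiers' do`, `skip 'no primary identifiers expected for this fixture' unless primary_identifiers_length`, followed by the existing `expect(report.scanners.each_value.first.primary_identifiers.length).to eq(primary_identifiers_length)`; the skip then appears in the run output instead of being invisible. Note also that `report.scanners.each_value.first` picks whichever scanner comes first, which is fine while `scanner_length` is 1 for both rows but would need to name the intended scanner once a row has several.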
@@ -36,8 +51,8 @@ RSpec.describe Gitlab::Ci::Parsers::Security::Sast do
 expect(location).to be_a(::Gitlab::Ci::Reports::Security::Locations::Sast)
 expect(location).to have_attributes(
 file_path: file_path,
- end_line: line,
- start_line: line
+ end_line: end_line,
+ start_line: start_line
 )
 end |